Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-12000 | 1 Inductiveautomation | 1 Ignition Gateway | 2023-03-02 | 5.0 MEDIUM | 7.5 HIGH |
The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information. | |||||
CVE-2020-10641 | 1 Inductiveautomation | 1 Ignition Gateway | 2021-12-20 | 5.0 MEDIUM | 7.5 HIGH |
An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway (versions prior to 8.0.10), causing a denial-of-service condition. | |||||
CVE-2020-14520 | 1 Inductiveautomation | 1 Ignition Gateway | 2020-08-11 | 5.0 MEDIUM | 7.5 HIGH |
The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the Ignition 8 (all versions prior to 8.0.13). | |||||
CVE-2020-10644 | 1 Inductiveautomation | 1 Ignition Gateway | 2020-06-25 | 5.0 MEDIUM | 7.5 HIGH |
The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information. | |||||
CVE-2020-12004 | 1 Inductiveautomation | 1 Ignition Gateway | 2020-06-25 | 5.0 MEDIUM | 7.5 HIGH |
The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information. |